All Examples  This Package

Class examples.security.rdbmsrealm.RdbmsRealm

java.lang.Object
   |
   +----examples.security.rdbmsrealm.RdbmsRealm

public class RdbmsRealm

extends Object

implements ListableRealm, CacheableRealm

The realm is configurable through a Java Properties resource named weblogic.realm_properties. Here is a description of its properties:

• (Required) The database driver, dbURL, dbUser, and dbPassword to specify the JDBC connection
• (Required) Values for getUser, getGroupMembers, and getAclEntries to specify JDBC PreparedStatements that take a single parameter for the name
• (Required) Values for getUsers, getGroups, getPermissions, and getAcls to specify parameterless JDBC PreparedStatements that help implement the ListableRealm functions. Note that the selected columns for the pairs of PreparedStatements getUser/getUsers, getGroupMembers/getGroups, and getAclEntries/getAcls must match so that the same function can be used to convert JDBC ResultSets to the realm's users, groups, and ACLs. Furthermore, the results for getGroups and getAcls need to be ordered by the name column for the same reason.

The implementation calls factory functions for users, groups, and ACLs so that subclasses can override these. The factory functions at this level assume a certain number and order of the columns in the ResultSet:

• For a user, the user's name and password
• For a group, the group's name and a member name
• For an ACL, the ACL's name, the name of a group or user, and the name of a permission.

RdbmsUser implements CacheableRealm and uses the caching realm for internal calls to the BasicRealm API. Initially, the caching realm is the instance itself, which works. A caching realm will delegate to this realm when a call to the cache is unfulfilled.

RdbmsRealm can also be used to define the tables and/or populate the database. The special prefix fromScratch. in a realm name indicates that the real realm name is the remaining string, and that SQL from a Data Definition resource, composed from the real realm name with suffix .realm_ddl, should be executed.

You can run the RdbmsRealm in test mode to see a listing of users, groups, ACLs, and permissions for the realm by changing the static boolean "unitTest" to true and recompiling.

Scripts are provided in this directory that compile the Java files, copy the appropriate resources into WebLogic's CLASSPATH, and create the appropriate tables in an RDBMS. Edit weblogic.realm_properties for your DBMS. The scripts are designed to be run from the current directory (examples/security/rdbmsrealm/). See the DefaultRealmExtender examples for more details on using RdbmsRealm as a replacement for the WebLogic default realm.

Author:

Copyright (c) 1998-1999 by BEA Systems. All Rights Reserved.

aclOwner

cache

conn

DB_PASSWORD

DB_URL

DB_USER

DRIVER

GET_ACL_ENTRIES

GET_ACLS

GET_GROUP_MEMBERS

GET_GROUPS

GET_PERMISSIONS

GET_USER

GET_USERS

getAclEntriesStmt

getAclsStmt

getGroupMembersStmt

getGroupsStmt

getPermissionsStmt

getUsersStmt

getUserStmt

name

SPECIAL_PREFIX

RdbmsRealm()

getAcl(String)

Gets the access control list by the specified name.

getAcl(String, char)

Gets the access control list by the specified name, with an ACL name delimiter other than the default (dot, ".").

getAclOwner(Object)

Returns null.

getAcls()

Returns an Enumeration of the groups in a particular realm.

getCache()

Returns the cache of a BasicRealm.

getGroup(String)

Gets a Group for the specified name.

getGroups()

Returns an Enumeration of the groups in a listable realm.

getName()

getPermission(String)

Gets a Permission that matches the specified name.

getPermissions()

Returns an Enumeration of the permissions for a realm.

getPrincipal(String)

Resolves a name to a User or Group while giving the cache a try.

getUser(String)

getUser(UserInfo)

Gets a User that matches the specified user info.

getUsers()

Returns an Enumeration of the users in a particular realm.

init(String, Object)

load(String, Object)

Does nothing.

main(String[])

newRdbmsAcl(ResultSet, Notifiable)

Converts the ResultSet into a Group.

newRdbmsGroup(ResultSet, Notifiable)

Converts the ResultSet into a Group.

newRdbmsUser(ResultSet)

Converts the ResultSet into a User.

save(String)

Does nothing.

setCache(BasicRealm)

Sets the cache for the specified BasicRealm.

 public static final String DRIVER

 public static final String DB_URL

 public static final String DB_USER

 public static final String DB_PASSWORD

 public static final String GET_USER

 public static final String GET_GROUP_MEMBERS

 public static final String GET_ACL_ENTRIES

 public static final String GET_USERS

 public static final String GET_GROUPS

 public static final String GET_PERMISSIONS

 public static final String GET_ACLS

 public static final String SPECIAL_PREFIX

 protected Connection conn

 protected PreparedStatement getUserStmt

 protected PreparedStatement getGroupMembersStmt

 protected PreparedStatement getAclEntriesStmt

 protected PreparedStatement getUsersStmt

 protected PreparedStatement getGroupsStmt

 protected PreparedStatement getAclsStmt

 protected PreparedStatement getPermissionsStmt

 protected String name

 protected BasicRealm cache

 protected Principal aclOwner

 public RdbmsRealm()

 public static void main(String argv[]) throws Exception

 public void init(String name,
                  Object ignoredCredential) throws NotOwnerException

 public String getName()

 public User getUser(String name)

 public User getUser(UserInfo userInfo)

Gets a User that matches the specified user info.

 public Principal getAclOwner(Object credential)

Returns null. This way ACLs cannot be manipulated outside of the database.

 public Group getGroup(String name)

Gets a Group for the specified name.

 public Acl getAcl(String name)

Gets the access control list by the specified name.

 public Acl getAcl(String name,
                   char separator)

Gets the access control list by the specified name, with an ACL name delimiter other than the default (dot, ".").

 public Permission getPermission(String name)

Gets a Permission that matches the specified name.

 public void load(String name,
                  Object credential) throws ClassNotFoundException, IOException, NotOwnerException

Does nothing. This realm is not loaded and saved but implements its functions based on a persistently stored state.

 public void save(String name) throws IOException

Does nothing. This realm is not loaded and saved but implements its functions based on a persistently stored state.

 protected User newRdbmsUser(ResultSet rs) throws SQLException

Converts the ResultSet into a User. Subclasses override this to work with other PreparedStatements and/or to returns different User implementations.

 protected Principal getPrincipal(String name)

Resolves a name to a User or Group while giving the cache a try.

 protected Group newRdbmsGroup(ResultSet rs,
                               Notifiable n) throws SQLException

Converts the ResultSet into a Group. Subclasses override this to work with other PreparedStatements and/or to returns different Group implementations.

 protected Acl newRdbmsAcl(ResultSet rs,
                           Notifiable n) throws SQLException

Converts the ResultSet into a Group. Subclasses override this to work with other PreparedStatements and/or to returns different Group implementations.

At this level the implementation requires all Principal names to appear together.

 public Enumeration getUsers()

Returns an Enumeration of the users in a particular realm.

 public Enumeration getGroups()

Returns an Enumeration of the groups in a listable realm.

 public Enumeration getAcls()

Returns an Enumeration of the groups in a particular realm.

 public Enumeration getPermissions()

Returns an Enumeration of the permissions for a realm.

 public BasicRealm getCache()

Returns the cache of a BasicRealm.

 public void setCache(BasicRealm r)

Sets the cache for the specified BasicRealm.

All Examples  This Package